“Alice, I have received a complaint from a patient that you may have committed a privacy breach,” said the clinic manager.
“You told me what happened. You did not follow our clinic policies and procedures properly when you left messages for the patient about her follow-up healthcare appointments.
“I want to work with you to review and improve our office procedures and training so that this does not happen again.
“I also want you to take our privacy awareness training. We provide this training for all new employees during orientation. Sometimes we each need a refresher to remind us how we can maintain privacy, confidentiality, and security of our patients’ information each day.
“Alice, you are a good employee. I believe that you want to do your job better. Privacy of our patients’ information is very important. Our policies and procedures help us to ensure that we are doing our jobs well. This is your warning; if this type of error happens again, I will need to take additional disciplinary steps.
“If you have any questions, please talk to me, your supervisor or our Privacy Officer.”
Privacy breaches happen.
Healthcare providers are responsible to ensure that employees understand their roles and responsibilities. When a breach happens, we need to contain the breach, correct the problem, and prevent it from happening again.
Privacy awareness training will prevent breaches and may be used as part of the strategy to prevent recurrence.
Privacy awareness training happens throughout the year. Informal training that is timely – say, a discussion of the news item about the latest privacy breach – is a great opportunity to reinforce key messages. Use ‘what if that happened to us, what would we do?’ to discuss lessons learned and improve your current practices, if necessary.
Review near-miss privacy and security incidents in your practice. This is the ideal time to discuss and fix potential problems before they become breaches.
The Privacy Officer may create and deliver the training and will monitor, supervise, and support the training.
Use a variety of written and multi-media content, like lunch ‘n learn discussions, to reinforce key messages. People love games, challenges, and cyber competitions, too, as a way to create variety and interest in privacy and security.
Privacy awareness training alone won’t guarantee that mistakes or errors in judgement won’t happen, but the healthcare provider and employer are legally responsible to take reasonable steps to prevent privacy and security breaches.